General
-
Target
7b6c1121ec44afae0d4e413597dbe6cb95d65b551e2bbff81e2f5d726ded4ca9
-
Size
237KB
-
Sample
220521-n2f4sseea2
-
MD5
8288456478ad8b4bd2c7f185f7a1d715
-
SHA1
fc4002bb03c4afd260d4ae15c98a5c60d024813f
-
SHA256
7b6c1121ec44afae0d4e413597dbe6cb95d65b551e2bbff81e2f5d726ded4ca9
-
SHA512
e1d486f187b2a992e1306952b5500cbe8ef97c63cb5f719f2336ebba68efc219f647a6d671c28e590a70b930be61d821a3034947d3f946fca477e872d0f2564f
Malware Config
Extracted
Protocol: smtp- Host:
mail.baconplumbing.co.za - Port:
587 - Username:
[email protected] - Password:
Andrew@1652
Targets
-
-
Target
Notice of Payment.exe
-
Size
347KB
-
MD5
0b7b2acd93a784e3af07bd3acaec2e97
-
SHA1
069c15a1913cd506ffc306a14075e7dd28a3d122
-
SHA256
d70b1d7ebfde15715b3e63d8b4cf75c9025de1e3744d83c78278d7e939d459de
-
SHA512
aecdfc30af77e6500c0fc5951a5bb0d476d7e932e77b3303044b26a99e6d0b328db72623e076174d6a6d56dfe792ef43d71e145d73500fc39842ef0e061e9807
Score10/10-
Cheetah Keylogger
Cheetah is a keylogger and info stealer first seen in March 2020.
-
Cheetah Keylogger Payload
-
Obfuscated with Agile.Net obfuscator
Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
-
Accesses Microsoft Outlook profiles
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-